GDPR
1. Data Controller
In accordance with the Turkish Personal Data Protection Law No. 6698 ("KVKK") and General Data Protection Regulation ("GDPR"), your personal data may be processed by POLDY Human Resources Software Inc. ("Company") as data controller within the scope explained below.
| Company Name | POLDY Human Resources Software Inc. |
| Address | Fenerbahçe Mah. Ahmet Mithat Efendi Cad. Süheyla Hn. Apt. No. 9/2 Kalamış, 34726 Kadıköy - Istanbul, Turkey |
| privacy@astrokariyer.com | |
| Phone | +90 216 330 20 88 |
2. Processed Personal Data
Categories of personal data processed by the AstroKariyer platform:
| Data Category | Example Data |
|---|---|
| Identity Information | First name, last name |
| Contact Information | Email address, phone number |
| Birth Information | Birth date, birth time, birthplace |
| Customer Transaction Information | Order history, billing information |
| Transaction Security Information | IP address, session information, encrypted access data |
| Marketing Information | Preferences, campaign participations |
Birth information used for astrological analysis and personality assessments derived from this data are considered "special category personal data." This data is only processed with your explicit consent.
3. Processing Purposes
Your personal data is processed for the following purposes:
- Performing membership operations
- Providing astrological career analysis services
- Conducting payment and billing operations
- Customer relationship management and support services
- Marketing and campaign activities (with explicit consent)
- Fulfilling legal obligations
- Ensuring platform security
- Improving service quality
Legal Bases
Under GDPR and KVKK, your personal data may be processed:
- With your explicit consent
- When necessary for the performance of a contract
- When necessary for compliance with a legal obligation
- When necessary for our legitimate interests
4. Transfer of Personal Data
Your personal data may be transferred to:
- Payment service providers (for payment transactions)
- Cloud service providers (for data storage)
- Legal advisors and authorized authorities (when legally required)
- Business partners (to the extent necessary for service delivery)
International Transfer
Due to cloud infrastructure services, your data may be processed on servers outside Turkey. In such cases, necessary technical and legal measures are taken for data security, and data is protected in compliance with KVKK and GDPR standards.
5. Your Rights Under KVKK/GDPR
Under KVKK Article 11 and GDPR, you have the following rights:
- Learn whether your personal data is being processed
- Request information regarding processed personal data
- Learn the purpose of personal data processing and whether it is used appropriately
- Know the third parties to whom personal data is transferred domestically or abroad
- Request correction of personal data if it has been processed incompletely or incorrectly
- Request deletion or destruction of personal data under conditions set forth in Article 7 of KVKK
- Request notification of correction and deletion to third parties to whom personal data has been transferred
- Object to outcomes against you resulting from analysis of processed data exclusively through automated systems
- Claim compensation for damages if you suffer loss due to unlawful processing of personal data
6. Application Method
To exercise your rights, you can choose one of the following methods:
- Email: Send an email to privacy@astrokariyer.com with subject "GDPR Information Request"
- Written Application: Send via notary or registered mail to the company address
- Platform: Through Account Settings > Privacy > GDPR Request section
Your application should include:
- Name, surname, and signature (for written applications)
- National ID number or passport number for foreign nationals
- Residential or business address for correspondence
- Email address and phone number for notifications (if any)
- Subject of your request
Your applications will be concluded free of charge as soon as possible and within 30 (thirty) days at the latest. If the process requires additional cost, fees determined by the Personal Data Protection Authority may be charged.